This is just an FYI.
We were working on our DKIM implementation, and unfortunately, after it
was all said and done, it appears the Microsoft Cryptography API does
not support SHA256 across all platforms (not supported on XP/2000/NT).
http://msdn2.microsoft.com/en-us/library/aa375549(VS.85).aspx
Very unfortunate. We made an issue of the compatibility issues with
DNS services (RR vs TXT), and I see the same issue for Windows
applications being limited in what they can verify depending on what OS
they are running on.
This means DKIM signers will be faced with a significant number of
verifiers (either MTAs or MUAs) that will not be capable of using SHA256.
Personally, I have less of an issue with DKIM signing services having to
run on Windows 2003/2008/Vista implementations, but the Windows client
implementations will suffer.
Overall, this basically means product vendors will be less inclined to
use the MS cryptographic API for new digital signing technology and will
have to use other third-party cryptography APIs (like OpenSSL). For
organizations that have issues with using open source, that may be a
problem.
Microsoft SHOULD seriously consider, at the very least, providing
CALG_SHA_256 hashing support in the default CSP (Microsoft Base
Cryptographic Provider) on the widely adopted Windows XP operating system.
The larger DKIM implementations with some pull and Microsoft contacts
should consider contacting the key MS people to request that MS support
SHA256 on all their current Windows OSes. This will help DKIM across
the board, especially on Windows.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
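The runtime check the post above implies, written here as an added example; it is not code from the original message or from Santronics. It probes each Microsoft CSP on the local machine for CALG_SHA_256 (and CALG_SHA1 for comparison) by calling CryptoAPI through P/Invoke, so a DKIM verifier author can see which provider, if any, can hash SHA-256 on a given Windows release. It assumes PowerShell 2.0 or later (for Add-Type); the provider names, provider types and algorithm identifiers are the documented wincrypt.h values, and the "(Prototype)" provider name is the one Windows XP uses for its Enhanced RSA and AES provider.

```powershell
# Added example: probe Microsoft CSPs for CALG_SHA_256 support via CryptoAPI.
# Not part of the original post. Requires PowerShell 2.0+ (Add-Type).
$capi = @"
using System;
using System.Runtime.InteropServices;
public static class Capi {
    // Provider types and algorithm IDs as defined in wincrypt.h
    public const uint PROV_RSA_FULL       = 1;
    public const uint PROV_RSA_AES        = 24;
    public const uint CRYPT_VERIFYCONTEXT = 0xF0000000;
    public const uint CALG_SHA1           = 0x00008004;
    public const uint CALG_SHA_256        = 0x0000800C;

    [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern bool CryptAcquireContext(out IntPtr phProv, string pszContainer,
        string pszProvider, uint dwProvType, uint dwFlags);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool CryptCreateHash(IntPtr hProv, uint Algid, IntPtr hKey,
        uint dwFlags, out IntPtr phHash);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool CryptDestroyHash(IntPtr hHash);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool CryptReleaseContext(IntPtr hProv, uint dwFlags);
}
"@
Add-Type -TypeDefinition $capi

function Test-CapiHash {
    # Returns a short status string for (provider, algorithm) on this machine.
    param([string]$Provider, [uint32]$ProvType, [uint32]$AlgId)
    $hProv = [IntPtr]::Zero
    # CRYPT_VERIFYCONTEXT: hashing only, no key container needed
    if (-not [Capi]::CryptAcquireContext([ref]$hProv, $null, $Provider,
                                          $ProvType, [Capi]::CRYPT_VERIFYCONTEXT)) {
        return 'provider not present'
    }
    $hHash = [IntPtr]::Zero
    $ok = [Capi]::CryptCreateHash($hProv, $AlgId, [IntPtr]::Zero, 0, [ref]$hHash)
    # Capture the error before any other API call can overwrite it
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    if ($ok) { [void][Capi]::CryptDestroyHash($hHash) }
    [void][Capi]::CryptReleaseContext($hProv, 0)
    if ($ok) { 'supported' } else { 'not supported (0x{0:X8})' -f $err }  # NTE_BAD_ALGID is 0x80090008
}

# The default CSP (Base), the Enhanced CSP, and the two names under which the
# Enhanced RSA and AES provider ships (Server 2003/Vista+ and XP respectively).
$probes = @(
    @{ Name = 'Microsoft Base Cryptographic Provider v1.0';                        Type = [Capi]::PROV_RSA_FULL },
    @{ Name = 'Microsoft Enhanced Cryptographic Provider v1.0';                    Type = [Capi]::PROV_RSA_FULL },
    @{ Name = 'Microsoft Enhanced RSA and AES Cryptographic Provider';             Type = [Capi]::PROV_RSA_AES  },
    @{ Name = 'Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)'; Type = [Capi]::PROV_RSA_AES  }
)

foreach ($p in $probes) {
    $sha1   = Test-CapiHash $p.Name $p.Type ([Capi]::CALG_SHA1)
    $sha256 = Test-CapiHash $p.Name $p.Type ([Capi]::CALG_SHA_256)
    '{0,-72} SHA-1: {1,-24} SHA-256: {2}' -f $p.Name, $sha1, $sha256
}
```

Run it on the box that will verify (or sign) DKIM mail. A row reading "provider not present" for both Enhanced RSA and AES names means the OS has no CSP that can do SHA-256 at all, which is the situation the post describes for the default CSP on XP; a row that reports SHA-256 only from the Enhanced RSA and AES provider means an application must acquire that provider by name rather than rely on the default CSP returned by CryptAcquireContext with a NULL provider.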